Dynamic Block Lists for Check Point firewalls

I have cooked together some further improvements on Check Points 'block TOR' scripts and built a small service around it. This is not an official Check Point function/product and is provided by me in my spare time.

At this moment the following blocklists are implemented:

OpenBL

Emerging Threats: Known Compromised Hosts

TOR exit nodes

BruteforceBlocker

Blocklist.de All

Talos

Dshield

The feeds are downloaded, sanity checked and then published on cpdbl.net for free. I am currently running all lists on two separate clusters without any noticeable performance hit. Of course ymmv so all feedback is appreciated. If you want to try it out go to: https://cpdbl.net

Screenshot of the interface:

Gateway details:

These scripts utilize the rate limiting policy in SecureXL. Therefore blocking is done in fastpath and should not impact performance noticably.

Connections from IPs listed in the activated blocklists are only blocked INBOUND. Outgoing communications are currently allowed. I have roadmapped a toggle for this.

VSX is not supported for now.

Workflow:

The server(cpdbl.net) downloads all the lists nightly and

Validates that all entries are valid IPs.

Baselines the lists, makes sure a list does not suddenly grow enormously.

Publishes the lists for the clients to download.

The client:

Downloads fresh lists every 12 hours

Times out entries in the block-table after 12 hours, hence if cpdbl.net is unavailable all entries will be removed at this time.

Validates that only entries containing numbers and "-" are read into the system. (to stop possible code injection)

Installs validated entries into blocking tables and waits for 12 hours before starting over again.